
Hidden Malware Found In Several Popular Google Play Apps

Avoiding detection for nearly two years.
Ryan Uliss
Contributing Writer

A new iteration of the sophisticated cyberespionage tool known as Mandrake has been uncovered in five applications on the Google Play Store, where it remained undetected for nearly two years. The finding comes from research by cybersecurity firm Kaspersky, which reported that these apps had been installed over 32,000 times.

Mandrake, initially identified by Bitdefender in 2020, has a history of avoiding detection and targeting specific victims based on their potential value. The latest version of Mandrake employs advanced obfuscation techniques and evasion methods, making it challenging for security tools to detect.

Hidden in seemingly innocuous apps, such as a memory training app and an app for people interested in learning about astronomy, Mandrake gathers extensive device data before executing its main malicious functions. These functions include enabling WiFi, initiating remote screencasting, and accessing user credentials. Google has since removed these apps from the Play Store and has enhanced its security measures to limit the access that future sophisticated threats of this kind may have.

Why It Matters: The discovery of Mandrake’s new and advanced version within the Google Play Store is particularly unsettling, especially given that it remained undetected for nearly two years. This revelation underscores the persistent and evolving nature of cyber threats and highlights that even major technology platforms like Google are not immune to sophisticated attacks. It serves as a stark reminder of the need for relentless vigilance and continual advancements in cybersecurity practices.

  • Advanced Evasion Techniques: Mandrake’s latest version uses sophisticated methods like obfuscated native libraries and certificate pinning for command-and-control (C2) communications, making detection difficult for conventional security tools.
  • Targeted Data Collection: The malware collects extensive information about the device and its user in stages, starting with basic device data and escalating to remote access and credential theft if the victim is deemed valuable.
  • Selective Targeting: Historically, Mandrake has avoided low-income and less strategically important regions, focusing on more lucrative targets in developed countries, which reflects its operators’ strategic approach.
  • Continuous Evolution: Mandrake’s ability to evolve and bypass new defense mechanisms highlights the sophisticated skills of its operators and the ongoing challenge of securing app marketplaces against advanced cyber threats.

Go Deeper -> New Version of Sophisticated Spyware Remained Undetected on Google App Store for Two Years – The Record

New Mandrake Spyware Found in Google Play Store Apps After Two Years – The Hacker News
